From 27a73f2c113082c98018298b5e9dd856a21f8457 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Fri, 1 Aug 2014 10:30:23 -0400 Subject: [PATCH] Update vault docs to indicate the executable script option is part of Ansible 1.7. --- docsite/rst/playbooks_vault.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docsite/rst/playbooks_vault.rst b/docsite/rst/playbooks_vault.rst index 934ca15082..268360e377 100644 --- a/docsite/rst/playbooks_vault.rst +++ b/docsite/rst/playbooks_vault.rst @@ -83,7 +83,7 @@ To run a playbook that contains vault-encrypted data files, you must pass one of This prompt will then be used to decrypt (in memory only) any vault encrypted files that are accessed. Currently this requires that all passwords be encrypted with the same password. -Alternatively, passwords can be specified with a file or a script. If this is done, be careful to ensure permissions on the file are such that no one else can access your key, and do not add your key to source control:: +Alternatively, passwords can be specified with a file or a script, the script version will require Ansible 1.7 or later. When using this flag, ensure permissions on the file are such that no one else can access your key and do not add your key to source control:: ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt @@ -91,9 +91,9 @@ Alternatively, passwords can be specified with a file or a script. If this is d The password should be a string stored as a single line in the file. -If you are using a script instead of a flat file, ensure that it is marked as executable, and that the password is printed to STDOUT. If your script needs to prompt for data, prompts can be sent to STDERR. +If you are using a script instead of a flat file, ensure that it is marked as executable, and that the password is printed to standard output. If your script needs to prompt for data, prompts can be sent to standard error. -This is likely something you may wish to do if using Ansible from a continuous integration system like Jenkins. +This is something you may wish to do if using Ansible from a continuous integration system like Jenkins. (The `--vault-password-file` option can also be used with the :ref:`ansible-pull` command if you wish, though this would require distributing the keys to your nodes, so understand the implications -- vault is more intended for push mode).